Jump to content

Admin Restrict Branch


adrian

Recommended Posts

Hi,

setting custom php to restrict branch, if there's no match, the full page tree becomes visible, eg using this code:

return ($user->hasRole("member") ? strtolower($user->last_name . "-" . $user->first_name) : "/");

Replacing "/" with false or null didn't made a change.

Is it by design? If I enable the user to modify the first_name or last_name, the branch restriction will be off.

Link to comment
Share on other sites

Replacing "/" with false or null didn't made a change.

Is it by design? If I enable the user to modify the first_name or last_name, the branch restriction will be off.

Good point - I am not sure the best approach to take here. It is by design because for my initial use case the users without matches should have access to the entire page tree.

It sounds like for your needs you'd want nothing listed at all in the page tree - is that right?

Initially that sounds easy enough, but I am wondering if you'll still want certain users/roles to have full access and wondering how this should best be achieved. I don't think it's as simple as a config setting that asks what not matching users should see - everything vs nothing, because I expect you'll want some users to see everything and some to see nothing.

I know that with your code you've taken care of this because only members are limited, but maybe for other situations this won't be as clear cut. I am also wondering if the "Role Name" method for matching also needs to consider this scenario - what should they see if there is no match?

Before I go any further, do you have any thoughts on the best approach/logic?

Maybe for the custom PHP code option I could check for a returned true/false - true would show the entire page tree, false would show nothing. That doesn't solve the Role Name issue or if the custom PHP code option doesn't have a conditional component, but it might be helpful in your scenario.

Link to comment
Share on other sites

It's not that biggie because I can use the Set branch parent option, and it also fits better, even if it's full manual.

Yes, I would have preferred them to see nothing, which us hardly applicable I guess :) Maybe redirecting them to the login page with a message? Anyway, as I wrote it's not that important, just asking.

Link to comment
Share on other sites

It's not that biggie because I can use the Set branch parent option, and it also fits better, even if it's full manual.

Yes, I would have preferred them to see nothing, which us hardly applicable I guess :) Maybe redirecting them to the login page with a message? Anyway, as I wrote it's not that important, just asking.

Well I decided that it could be an issue is several scenarios, so I have added some new options.

You can now return false from the custom php code option which will result in the user having no access to any pages in the tree. There is also a new config settings option for determining whether non-matching users see the entire page tree (current scenario and the new default) or they have no access. This setting works with all three matching options.

Check it out and let me know what you think.

I have also included the temp hack fix for the page doubling issue in PW 3.0.8+ (https://github.com/ryancramerdesign/ProcessWire/issues/1774). Hopefully this is something that Ryan will fix in the core shortly and I can remove the hack. The side-effect is that the new smarter page tree (that remembers what was open) doesn't work, but if you are using the functionality of this module, then likely the page tree that the user is seeing is quite simple anyway - I think a decent compromise for the moment.

  • Like 2
Link to comment
Share on other sites

Great, thanks!

However, if my php selector has a match and I set "No Access", my user can see no pages. There's something to do with 'allOrNone' conditions I guess:

if($this->data['allOrNone'] == 'none' || $this->branchRootParentId === false) {
            $this->error("You don't have permission to view this branch of the page tree.");
            $event->replace = true;
            $event->return = false;
        }

These (in 2 places) always evaluate to true if I set allOrNone to 'none' so the error is shown. But I may be wrong because I don't see the entire picture.

Update: the same is true if I use the "Specify branch parent" option  instead of custom php code.

Link to comment
Share on other sites

Sorry to bother you again :) I wanted to add an editor without superuser role, and if I set "No Access" and didn't specify a branch parent for this user, he sees nothing.

First I thought setting a branch parent to Home works, but it doesn't. Setting another page is OK though.

Perhaps it would be reasonable to add a module setting for "Excluded roles", which won't be included in the branch restrictions?

  • Like 1
Link to comment
Share on other sites

Sorry to bother you again :) I wanted to add an editor without superuser role, and if I set "No Access" and didn't specify a branch parent for this user, he sees nothing.

First I thought setting a branch parent to Home works, but it doesn't. Setting another page is OK though.

Perhaps it would be reasonable to add a module setting for "Excluded roles", which won't be included in the branch restrictions?

Are you using the custom PHP code option?

If so, try "Entire Page Tree", rather than "No Access" and in your php conditional, you can return "/" for the role that should see the entire page tree, but "false" (without the quotes) for the other roles, so that they won't have any access.

Does that suit your needs?

Link to comment
Share on other sites

No I'm using "Select branch parent". I'll check your suggestion too. Currently I have no field to match for the other roles, so the branch parent suited more.

I have just put together a solution that checks if the homepage is matched - now that will result in showing the entire page tree. That should take care of what you need without the need for adding roles to be excluded.

I just need to test a little more - should have it committed shortly.

Link to comment
Share on other sites

  • 3 months later...

Hi Adrian,

Thanks for this plugin, works great but seems to brake my bookmark functionality. If I try start a new page from a bookmark the subsequent URL seems to have a blank parent_id var attached to the end (see below) and obviously doesn't work. Creating a new page from the tree menu seems to work as per normal though? I'm using the 'Specified Parent' method. Any help appreciated!

http://localhost:8888/ragtrade/jobadmin/page/add/?parent_id=1016&parent_id=

Cheers,

Brett

Link to comment
Share on other sites

  • 4 months later...

I recognized the following problem:

If I set Admin Restrict Branch to restrict access to page XXX users with permission are not able to upload images. The upload process starts with no image in the end. If it is not set to page XXX everything works fine.

Settings:

 Zwischenablage-1.jpg

Thanks for your support!

Link to comment
Share on other sites

Hi @flod,

I have had users able to upload images no problem here. Could you perhaps help by debugging the error from the image upload. Your browser dev console's Network tab might show what is going on.

Anyone else using this module having any problems with image upload?

Link to comment
Share on other sites

This only happens in a repeater image field. I have no problems with other image fields. Here is the browser error message: Pass empty string to getElementById ().

And in the modules error log: 
https://www.xxx/page/edit/?id=15200&InputfieldFileAjax=1 Error initiating module: ProcessPageEdit - you have no permision to change this page

By the way, the module PageEditPerUser is active too.

Link to comment
Share on other sites

On 2017/1/11 at 8:51 PM, flod said:

I recognized the following problem:

If I set Admin Restrict Branch to restrict access to page XXX users with permission are not able to upload images. The upload process starts with no image in the end. If it is not set to page XXX everything works fine.

Settings:

 Zwischenablage-1.jpg

Thanks for your support!

I have the same problem with repeater also. The solution is exclude the repeater page under admin in the module settings.

Gideon

 

  • Like 1
Link to comment
Share on other sites

@flod - exactly as @Gideon So suggests. You are looking for the "Branch Edit Exclusions" setting: "Selected branches will be excluded from branch edit restrictions. They still won't show in the page list, but they will remain editable, which is useful for external PageTable branches etc."

I suppose it should also mention "Repeaters" as well as PageTable branches.

Please let me know if everything works properly once you take care of that.

Link to comment
Share on other sites

5 minutes ago, flod said:

:rolleyes: That's it! Thanks a lot, guys.

Glad to hear.

I am actually thinking that perhaps the Repeaters parent under the Admin should be automatically excluded. That config setting should really be for PageTable parents and other things that maybe in undefined locations, but we always know where the Repeater parent is.

Link to comment
Share on other sites

@flod and @Gideon So - I just committed a new version which automatically adds the Repeaters parent to the list of branch exclusions. I would appreciate it if you could please check if this takes care of image uploads in repeaters without having to manually add it in the config settings.

Thanks!

  • Like 3
Link to comment
Share on other sites

11 hours ago, adrian said:

@flod and @Gideon So - I just committed a new version which automatically adds the Repeaters parent to the list of branch exclusions. I would appreciate it if you could please check if this takes care of image uploads in repeaters without having to manually add it in the config settings.

Thanks!

Hi Adrian,

Confirmed this version fixed the problem.

Gideon

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...